I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation."

rastos1 and several other readers noted that the SSL vulnerability we discussed a couple of weeks back, which some researchers had claimed was too theoretical to worry about, has now been demonstrated by exploit. The attack description is available on securegoose.org. "A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the SSL protocol. The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. All in all, a man in the middle is able to steal the credentials of a user authenticating himself through HTTPS to a trusted website."

Reader whencanistop writes with some details on an upcoming EU law that slipped under the radar as it was part of the package containing the "three strikes" provision, which attracted all the attention and criticism. "A couple of weeks ago we discussed the EU cookie proposal, which has now been passed into law. While the original story broke on the Out-law blog from a law perspective ('so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point'), there has now been followup from a couple of industry insiders. Aurelie Pols of the Web Analytics Association has blogged on how this will affect websites that want to monitor what people are looking at on their sites, while eConsultancy has blogged on how this will impact the affiliate industry. In all of this the general public is being ignored — the people who, if the law is actually implemented, will have to proceed through ridiculous screens of text every time they access a website. I know most of you guys hate cookies in general, but they are vital for websites to know how people are accessing the sites so they can work out how to improve the experience for the user."

Hugh Pickens writes "Wired reports that scientists have discovered that insects from cockroaches to caterpillars all emit the same stinky blend of fatty acids when they die and that the death mix may represent a universal, ancient warning signal to avoid their dead or injured. 'Recognizing and avoiding the dead could reduce the chances of catching the disease,' says Biologist David Rollo of McMaster University 'or allow you to get away with just enough exposure to activate your immunity.' Researchers isolated unsaturated fatty acids containing oleic and linoleic acids from the corpses of dead cockroaches and found that their concoction repelled not just cockroaches, but ants and caterpillars. 'It was amazing to find that the cockroaches avoided places treated with these extracts like the plague,' says Rollo. Even crustaceans like woodlice and pillbugs, which diverged from insects 400 million years ago, were repelled leading scientists to think the death mix represents a universal warning signal. Scientists hope the right concoction of death smells might protect crops. Thankfully, human noses can't detect the fatty acid extracts. 'I've tried smelling papers treated with them and don't smell anything strong and certainly not repellent,' writes Rollo in an e-mail. 'Not like the rotting of corpses that occurs later and is detectable from great distances.'"

CNet reports on a new money battle brewing between those who generate music and those who profit from selling it on the Net. "Songwriters, composers, and music publishers are making preparations to one day collect performance fees from Apple and other e-tailers for not just traditional music downloads but for downloads of films and TV shows as well. Those downloads contain music after all. These groups even want compensation for iTunes' 30-second song samples. ... Apparently, the music industry can't obtain the fees through negotiations. They have begun lobbying Congress to pass legislation that would require anyone who sells a download to pay a performance fee..."

wjousts writes "Technology Review has an article comparing various search results from Wolfram Alpha and Google. Results vary. For example, searching 'Microsoft Apple' in Alpha returns data comparing both companies stock prices, whereas Google top results are news stories mentioning both companies. However, when searching for '10 pounds kilograms,' Alpha rather unhelpfully assumes you want to multiply 10 pounds by 1 kilogram, whereas Google directs you to sites for metric conversions. Change the query to '10 pounds in kilograms' and both give you the result you'd expect (i.e. 4.536 kg)."

Frederik writes "Mandriva just released the 2009 Spring version of its distribution. Highlights of this new version include vastly improved boot times thanks to Speedboot, KDE 4.2.2, GNOME 2.26.1, XFCE 4.6 and LXDE desktop environments, a completely rewritten Mandriva Security Centre and improved firewall and network configuration tools, OLPC Sugar environment, QT Creator development environment, Songbird audio player, ext4 support and many more. Check out the release tour and release notes for more information or immediately start downloading it."

Barence writes "BT and other mobile broadband providers are blocking access to The Pirate Bay as part of a 'self-regulation' scheme with the Internet Watch Foundation. BT Mobile Broadband users who attempt to access the notorious BitTorrent tracker site are met with a 'content blocked' message. The warning page states the page has been blocked in 'compliance with a new UK voluntary code.' 'This uses a barring and filtering mechanism to restrict access to all WAP and internet sites that are considered to have "over 18" status,' the warning states. It goes on to list a series of categories that are blocked, including adult/sexually explicit content, 'criminal skills,' and hacking. It's not stated which category The Pirate Bay breaches, although the site does host links to porn movies."

Mordok-DestroyerOfWo writes "If a little-known but influential alliance of state politicians, large retailers, and tax collectors have their way, the days of tax-free Internet shopping may be nearly over. A bill expected to be introduced in the US Congress as early as Monday would rewrite the ground rules for mail order and Internet sales by eliminating what its supporters view as a 'loophole' that, in many cases, allows Americans to shop over the Internet without paying sales taxes."

Frosty Piss writes "Police in Finland have made an arrest for car theft based on a DNA sample taken from the blood found inside a mosquito. 'A police patrol carried out an inspection of the car and they noticed a mosquito that had sucked blood. It was sent to the laboratory for testing, which showed the blood belonged to a man who was in the police registers,' a police officer told reporters. The suspect, who has been interrogated, has insisted he did not steal the car, saying he had hitchhiked and was given a lift by a man driving the car. I'm wondering if the suspect should have denied any association with the car at all. After all, who knows where that mosquito had been?"

mhelander writes "In his weblog Roger Alsing describes how he used genetic programming to arrive at a remarkably good approximation of Mona Lisa using only 50 semi-transparent polygons. His blog entry includes a set of pictures that let you see how 'Poly Lisa' evolved over roughly a million generations. Both beautiful to look at and a striking way to get a feel for the power of evolutionary algorithms."

Zordak writes "CNN has up a story about several Israeli firms that want to replace metal detectors at airports with biometric readings. For example, with funding from TSA and DHS, 'WeCU ([creepily] pronounced "We See You") Technologies, employs a combination of infra-red technology, remote sensors and imagers, and flashing of subliminal images, such as a photo of Osama bin Laden. Developers say the combination of these technologies can detect a person's reaction to certain stimuli by reading body temperature, heart rate and respiration — signals a terrorist unwittingly emits before he plans to commit an attack.' Sensors may be embedded in the carpet, seats, and check-in screens. The stated goal is to read a passenger's 'intention' in a manner that is 'more fair, more effective and less expensive' than traditional profiling. But not to worry! WeCU's CEO says, 'We don't want you to feel that you are being interrogated.' And you may get through security in 20 to 30 seconds."

Gamasutra reports on a set of standards (PDF) published by the Entertainment Merchants Association to promote the use of technology that would "disable" games and DVDs until they are activated when purchased. "The effort is codenamed 'Project Lazarus,' and the EMA says it's assembled a consortium of retailers, home video companies and video game publishers to see how easily such 'benefit denial technology' could be implemented, and to evaluate possible cost-benefit analyses. The initiative is similar to security tags used in clothing retail that spill ink on garments if they're forcibly removed, thereby destroying the item. In such a situation, shoplifting is discouraged by implementing a solution that only the retailer can remove at the point of sale."